1. Download & Extract

1

Download DSC

Download the DSC mailed to user by VPN Support (vpnservices@nic.in), save it on user computer.

2

Download Cisco AnyConnect Client

Download Cisco any connect secure mobility client through https://vpn.nic.in

Download Client Screenshot

VPN Portal Download Screen

3

Uploading Files to the server

Use Winscp and upload the following files to the server.
a. Certificate PFX file
b. Cisco anyconnect client
c. Nss-tool package

Download Client Screenshot

Uploading Files to server

2. Tool Installation

4

Install the cisco anyconnect client

Run the following commands one by one for the installation:

a) tar -xvf anyconnect-linux-64-5.1.8.122-k9.tar.gz
b) cd cisco-secure-client-linux64-5.1.8.122/vpn/
c) ./vpn_install.sh
d) cd ../..
e) restorecon -v /etc/systemd/system/vpnagentd.service
f) systemctl status vpnagentd
g) systemctl enable --now vpnagentd
Extract folder Screenshot

Cisco Anyconnect Client Installation

5

Check if the service has been active

Run the following command to check if the service is active:

a) systemctl status vpnagentd
Terminal installation Screenshot

Active Service

6

Install the nss-tools packages

Install the nss-tools packages and proceed to the next step.

Note: For complete installation instructions Click here on Nss Tools Packages Installation.

3. Import Certificate (DSC)

7

Create the following directories

Run the following commands one by one to create the directories.

a) mkdir -p /opt/.cisco/certificates/client/private
b) mkdir -p /opt/.cisco/certificates/ca
c) chmod 755 /opt/.cisco/certificates/client
d) chmod 700 /opt/.cisco/certificates/client/private
Preferences window Screenshot

Create Directories

8

Install the certificates and keys

Install the Certificate by running the following commands.

Note: Enter the PKCS12 and Import password whenever its required during installation.

a) pk12util -i cert.pfx -d sql:/etc/pki/nssdb
b) openssl pkcs12 -in cert.pfx -out root_ca.pem -nodes -cacerts
c) certutil -A -n "VPN_Root_CA" -t "CT,C,C" -i root_ca.pem -d sql:/etc/pki/nssdb
d) openssl pkcs12 -in cert.pfx -clcerts -nokeys -out vpn_client.pem
e) mv vpn_client.pem /opt/.cisco/certificates/client/
f) openssl pkcs12 -in cert.pfx -nocerts -nodes -out vpn_client.key
g) mv vpn_client.key /opt/.cisco/certificates/client/private/vpn_client.key
h) chmod 644 /opt/.cisco/certificates/client/vpn_client.pem
i) chmod 600 /opt/.cisco/certificates/client/private/vpn_client.key
View Certificates Screenshot

Certificate Installation

9

Create a user profile

To create a user profile, open a file by running the following command.

a) vi /opt/cisco/secureclient/vpn/profile/nic_vpn.xml
User Profile Creation Screenshot

User Profile Creation

10

Paste the following content in the above file

After opening the file paste the following the command in the above file.

<?xml version="1.0" encoding="UTF-8"?> <AnyConnectProfile> <ClientInitialization> <AutomaticCertSelection>true</AutomaticCertSelection> <CertificateStore>All</CertificateStore> <CertificateStoreOverride>true</CertificateStoreOverride> </ClientInitialization> <ServerList> <HostEntry> <HostName>sconnect.nic.in</HostName> <HostAddress>sconnect.nic.in</HostAddress> </HostEntry> </ServerList> </AnyConnectProfile>
Profile Creation Command

Profile Creation Command

4. Connect to VPN

11

Restart the service

Restart the Service by running the following command.

a) systemctl restart vpnagentd
Service Restart

Service Restart

12

Connect with vpn service

Run the following command to connect with the vpn service.

a) /opt/cisco/secureclient/bin/vpn connect sconnect.nic.in
Connect with VPN services

VPN Service Connection

13

To Disconnect with vpn services

Run the following command to disconnect with the vpn service.

a) /opt/cisco/secureclient/bin/vpn disconnect
VPN Disconnection

VPN Disconnection